The invention generally relates to data security in computing systems, and in particular to methods, systems, and computer program products for protecting a cryptographic operation.
There exist different types of cryptographic algorithms which are used for encrypting and decrypting data, for authentication, or for signing. Cryptographic algorithms use secret keys and are based on a succession of several operations that are applied to successive states of the data blocks to be encrypted, producing an encrypted data block.
However, encryption algorithms may be subject to “attacks” intended to access the secret keys.
In particular, fault attacks on embedded systems have become a real threat. A fault attack causes an abnormal condition or defect at some level of the target system, thereby resulting in a failure of the target system. Even if a fault attack does not give the attacker full control over the target system, it may alter the operation of the target system. For example, fault attacks may be implemented by an attacker to disturb the target system using a laser, by varying the supply voltage, by varying the external clock, or by other methods. The possibly erroneous result can reveal information about the targeted secret data, e.g. a cryptographic key.
There exist fault attacks that aim to violate the confidentiality of the secret keys of a cryptographic algorithm, such as RSA (Rivest, Shamir, & Adleman). A cryptographic algorithm provides an encryption algorithm and a corresponding decryption algorithm. An encryption algorithm (and similarly a decryption algorithm) comprises a succession of linear and/or nonlinear operations, each operation applying to a state of a block of the original data (e.g. a message).
There exist countermeasures against such fault attacks on RSA, such as FR2884088 or U.S. Pat. No. 5,991,415 A. However, these countermeasures are specific to RSA and cannot be applied to an arbitrary cryptographic algorithm, such as for example the Advanced Encryption Standard (AES), which is known to be vulnerable to fault attacks as disclosed in “A Differential Fault Attack Technique against SPN Structures, with Application to the AES and KHAZAD”, CHES 2003, by Gilles Piret and Jean-Jacques Quisquater.
There is accordingly a need for improved methods, systems, and computer programs capable of protecting any cryptographic algorithm against fault attacks.
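The following is an added illustration, not the patent's method and not AES: a generic "compute, invert, compare" check that can wrap any cipher having an inverse, built around a constructed toy substitution-permutation cipher. The `fault_hook` parameter is test instrumentation that stands in for a transient fault in one intermediate state, so that the check's behaviour can be exercised; all names and the S-box are assumptions made for this example.

```python
# Added example: generic fault-detection wrapper around a toy block cipher.
# Constructed for illustration only; the cipher has no cryptographic strength.
ROUNDS = 4
SBOX = bytes((i * 7 + 3) % 256 for i in range(256))      # bijective since gcd(7, 256) == 1
INV_SBOX = bytearray(256)
for i, v in enumerate(SBOX):
    INV_SBOX[v] = i

class FaultDetected(Exception):
    """Raised when the result of a cryptographic operation fails its inverse check."""

def expand_key(key):
    # Toy key schedule: round key r is the master key rotated by r bytes (constructed).
    return [key[r:] + key[:r] for r in range(ROUNDS)]

def encrypt(block, key, fault_hook=None):
    state = bytes(block)
    for r, rk in enumerate(expand_key(key)):
        state = bytes(s ^ k for s, k in zip(state, rk))   # linear: add round key
        state = bytes(SBOX[s] for s in state)             # nonlinear: substitution
        state = state[1:] + state[:1]                     # linear: byte rotation
        if fault_hook is not None:                        # test-only: simulate a fault
            state = fault_hook(r, state)
    return state

def decrypt(block, key):
    state = bytes(block)
    for rk in reversed(expand_key(key)):
        state = state[-1:] + state[:-1]                   # undo rotation
        state = bytes(INV_SBOX[s] for s in state)         # undo substitution
        state = bytes(s ^ k for s, k in zip(state, rk))   # undo round key
    return state

def protected_encrypt(block, key, fault_hook=None):
    """Encrypt, then recompute the input via the inverse operation.

    A faulty ciphertext is withheld instead of being released, so an attacker
    never observes the erroneous result that a differential fault attack needs.
    """
    ct = encrypt(block, key, fault_hook)
    if decrypt(ct, key) != bytes(block):
        raise FaultDetected("inverse check failed; ciphertext withheld")
    return ct

def fault_was_detected(block, key, fault_hook):
    """Return True if the wrapper refused to output a faulted result."""
    try:
        protected_encrypt(block, key, fault_hook)
    except FaultDetected:
        return True
    return False
```

The inverse check roughly doubles the cost of each operation and only covers faults in the forward computation; a fault landing in the comparison itself, or identical faults in both passes, needs an additional countermeasure.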